package com.filter;

import java.io.IOException;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.bean.RolePermission;
import com.bean.User;

/**
 * @author author : 张鹏
 * @date createTime：2018年3月16日 下午5:59:22
 * @Description : 权限过滤器(未使用)
 */
public class UserFilter implements Filter {
	String[] notFilter = { "login.jsp", "user/login", "user/logout",
			"material/getAllMaterialAjax", "unit/getAllUnitAjax",
			"supplier/getAllSupplierAjax",
			"food/getFoodByClassificationIdAjax",
			"food/getFoodByPrimaryKeyNoMaterialReturnTo",
			"productionPlan/getProductionPlanByStateAjax"
			,"productionPlan/getAllProductionPlanAjax"

	};
	String uri = null;

	@Override
	public void doFilter(ServletRequest arg0, ServletResponse arg1,
			FilterChain filterChain) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) arg0;
		HttpServletResponse response = (HttpServletResponse) arg1;

		System.out.println("------------");
		// 请求的uri
		uri = ((HttpServletRequest) request).getRequestURI().substring(14);
		System.out.println(uri);
		filterChain.doFilter(request, response);
		
/*
		if (!isNoFilter(uri)) {
			User user = (User) request.getSession().getAttribute("user");
			List<RolePermission> rolePermission = (List<RolePermission>) request
					.getSession().getAttribute("rolePermission");

			String category = isJsOrJspOrAjax(uri);

			if (category == "jsp") {
				System.out.println("是jsp");
				if (null == user) {
					System.out.println("没有登录");
					response.sendRedirect("login.jsp");
				} else {
					System.out.println("已经登录");
					// 如果session中存在登录者实体，则继续
					filterChain.doFilter(request, response);
				}
			} else if (category == "ajax") {
				System.out.println("是ajax");
				if (null == user) {
					System.out.println("ajax没有登录");
					response.setHeader("sessionstatus","timeout");
					response.setStatus(403);
                    //向http头添加登录的url
					response.addHeader("filterResult", "noLogin");
				} else {
					System.out.println("ajax已经登录");
					if (isHavePermission(rolePermission)) {
						System.out.println("ajax有权限");
					} else {
						//向http头添加 状态 sessionstatus
						response.setHeader("sessionstatus","timeout");
						response.setStatus(403);
	                    //向http头添加登录的url
						response.addHeader("filterResult", "noPermission");
						System.out.println("ajax没有权限");
					}
				}
				filterChain.doFilter(request, response);
			} else {
				System.out.println("是js或者css");
				filterChain.doFilter(request, response);
			}
		} else {
			filterChain.doFilter(request, response);
		}*/

	}

	/**
	 * 是否有权限
	 * 
	 * @param rolePermission
	 * @return
	 */
	private boolean isHavePermission(List<RolePermission> rolePermission) {
		boolean result = false;
		for (RolePermission permission : rolePermission) {
			try {
				if (uri.equals(permission.getPermission().getPermissionName())) {
					result = true;
					break;
				}
			} catch (Exception e) {
				System.out.println("权限判断问题");
				break;
			}
		}
		return result;
	}

	/**
	 * 判断是否在无须过滤的列表中
	 * 
	 * @param uri
	 * @return
	 */
	private boolean isNoFilter(String uri) {
		boolean result = false;
		for (String s : notFilter) {
			if (uri.indexOf(s) != -1) {
				// 如果uri中包含不过滤的uri，则不进行过滤
				System.out.println("不用过滤");
				result = true;
				break;
			}
		}
		return result;
	}

	/**
	 * 判断请求是js 还是 jsp 还是ajax
	 * 
	 * @param uri
	 * @return
	 */
	public String isJsOrJspOrAjax(String uri) {
		String str = uri.substring(uri.length() - 3, uri.length());
		if ("jax".equals(str)) {
			return "ajax";
		} else if (".js".equals(str)) {
			return "js";
		} else if ("css".equals(str)) {
			return "css";
		} else {
			return "jsp";
		}
	}

	@Override
	public void destroy() {
	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {

	}
}
